vendor:
eSyndiCat Directory Software
by:
d3v1l
N/A
CVSS
HIGH
SQL Injection
89
CWE
Product Name: eSyndiCat Directory Software
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
eSyndiCat: Multiple SQL Injection’s
The eSyndiCat software is vulnerable to multiple SQL injection attacks. The first attack can be performed by modifying the 'id' parameter in the 'news.php' file, allowing an attacker to retrieve sensitive information from the 'dir_admins' table. The second attack can be performed by modifying the 'name' parameter in the 'page.php' file, allowing an attacker to bypass authentication and access unauthorized information.
Mitigation:
To mitigate these vulnerabilities, it is recommended to implement proper input validation and parameterized queries to prevent SQL injection attacks. Additionally, keeping the software up to date with the latest patches and security updates is crucial.